WordProserClientIE.dll

Word Proser Client BHO x86

Wordprosers LLC

This is part of the InfoAtoms browser extension, which displays various forms of advertising in the web browser by injecting new ads such as banners, text links and search results. The module WordProserClientIE.dll by Wordprosers has been detected as adware by 6 anti-malware scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘WordProser’.
Publisher:
Word Proser  (signed by Wordprosers LLC)

Product:
Word Proser Client BHO x86

Version:
1.10.0.2

MD5:
79230be78437b4835d32a05e34d8cdf2

SHA-1:
d9cc64a2636ab49726f0f28e6cd7819309d37ec3

SHA-256:
9d11bc13b3517fb4e09aa694d5d6b0fd0f00c01cd1ecad415588882c9748a78a

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
1/12/2025 4:02:33 AM UTC

Scan engine
Detection
Engine version

AVG
Wordproser
2015.0.3297

ESET NOD32
Win32/AdWare.Vitruvian (variant)
8.10672

IKARUS anti.virus
PUA.Vitruvian
t3scan.1.8.3.0

Malwarebytes
PUP.Optional.WordProser.A
v2014.11.08.03

NANO AntiVirus
Riskware.Win32.Plugin.dgyity
0.28.6.62995

Reason Heuristics
PUP.BHO.Wordprosers.S
14.11.20.9

File size:
145.6 KB (149,072 bytes)

Product version:
1.10.0.2

Copyright:
Copyright (C) 2014

Original file name:
WordProserClientIE.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\wordproser_1.10.0.2\ie\wordproserclientie.dll

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
6/30/2014 8:58:57 AM

Valid to:
6/30/2016 8:58:57 AM

Subject:
E=support@wordproser.com, CN=Wordprosers LLC, O=Wordprosers LLC, L=La Jolla, S=CA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112185C82DF38C3E8058F8A898AF88A5B351

Registration
CLSID:
{3EBB5099-9732-48AE-B032-58B702D86EEC}

COM registered:
Yes

File PE Metadata
Compilation timestamp:
11/4/2014 12:55:04 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:6qjreRgsCwcl0qvl+GQvVvTRWMpEOpiKsBko8+14w1VLzuthmV1XTEah4mo:tegsCwG0qvl+GQvVv1WMrpwBKlX+gi4x

Entry address:
0xDFEC

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 7F, 45, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, C0, DA, 01, 10, E8, 45, 03, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, A8, 0A, 02, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 20, 7C, 01, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
6.3141

Developed / compiled with:
Microsoft Visual C++

Code size:
83.5 KB (85,504 bytes)

Internet Explorer BHO
Display name:
WordProser

CLSID:
{3EBB5099-9732-48AE-B032-58B702D86EEC}

